openid-connect

How authorization endpoint knows user is logged in?

两盒软妹~` submitted on 2020-02-25 13:09:36
Question: I am implementing single sign-in with OAuth2 and OpenID Connect for a distributed web application. The Authorization Server is running on its own. I've implemented the access token endpoint and am currently trying to implement the authorization endpoint (for Authorization Code flow). This is my understanding of what should happen: GET http://authserver/authorize?client_id=1&state=BB&scope=read_user&redirect_uri=myapp/callback

How authorization endpoint knows user is logged in?

允我心安 submitted on 2020-02-25 13:06:06
Question: I am implementing single sign-in with OAuth2 and OpenID Connect for a distributed web application. The Authorization Server is running on its own. I've implemented the access token endpoint and am currently trying to implement the authorization endpoint (for Authorization Code flow). This is my understanding of what should happen: GET http://authserver/authorize?client_id=1&state=BB&scope=read_user&redirect_uri=myapp/callback

Get the user roles with the keycloak userinfo endpoint

谁都会走 submitted on 2020-02-25 04:16:22
Question: How can I get the roles included in the reply of the userinfo endpoint in keycloak? I defined a "Role Mapping" for the user in keycloak. When I call the userinfo endpoint I get fields like email, name, etc., but the roles are not included in the reply. When I call the auth endpoint I get the access_token, and the field scope has roles included. Here is the reply from the auth endpoint: "access_token" QJsonValue(string, "eyJhb...") "expires_in" QJsonValue(double, 300) "not-before-policy"

Automatic code (authorization code) redemption using latest version of Katana DLLs in OpenID authorization code flow

百般思念 submitted on 2020-02-07 01:58:10
Question: From the recent release and the conversation below, it says that Katana (4.1.0) now supports code flow with automatic code redemption (meaning we do not have to call the token endpoint explicitly to redeem the code for idtoken, accesstoken, etc.): https://github.com/aspnet/AspNetKatana/pull/297 So, I've upgraded the Katana DLLs and have p Notifications = new OpenIdConnectAuthenticationNotifications() { RedirectToIdentityProvider = OnRedirectToIdentityProvider, //MessageReceived = OnMessageReceived, --

how to add a service account security definition in openapi yml file

丶灬走出姿态 submitted on 2020-02-04 22:18:01
Question: I want to add a security definition to an API to run it in the google cloud scheduler (using OIDC token, and a service account). My openapi.yml looks like this: "/common/test": post: description: "test" operationId: "test" responses: 200: description: "Success" 400: description: "Fail" security: - service_account: [] securityDefinitions: service_account: authorizationUrl: "" flow: "implicit" type: "oauth2" x-google-issuer: "xx@example.iam.gserviceaccount.com" x-google-jwks_uri: "https://www

how to add a service account security definition in openapi yml file

房东的猫 submitted on 2020-02-04 22:17:52
Question: I want to add a security definition to an API to run it in the google cloud scheduler (using OIDC token, and a service account). My openapi.yml looks like this: "/common/test": post: description: "test" operationId: "test" responses: 200: description: "Success" 400: description: "Fail" security: - service_account: [] securityDefinitions: service_account: authorizationUrl: "" flow: "implicit" type: "oauth2" x-google-issuer: "xx@example.iam.gserviceaccount.com" x-google-jwks_uri: "https://www

How to use the OpenID Connect WebFinger Endpoint?

故事扮演 submitted on 2020-02-03 13:33:19
Question: Reading the description here it says: WebFinger — Enables dynamic discovery of the OpenID Connect provider for a given user, based on their email address or some other information. Can someone give an example of how this works (the description is somewhat abstract)?
Answer 1: WebFinger is a protocol defined in RFC7033. There is a complete example in section 3.1: 3.1. Identity Provider Discovery for OpenID Connect Suppose Carol wishes to authenticate with a web site she visits using OpenID Connect. She

No state in response after callback in oidc-client-js

时光怂恿深爱的人放手 submitted on 2020-02-03 04:28:07
Question: I think this is an error related to Angular 5.2.8 & 6. With Angular 5.2.7 it works fine. I created an ng5 branch and updated Angular to the latest 5.2.8 and the error comes in! Can anybody direct me to an Angular 5.2.8 or later sample with oidc-client-js?
Answer 1: It is caused by URI encoding of state in the window.location.hash. For me this fixes the issue: if (window.location.hash) { window.location.hash = decodeURIComponent(window.location.hash); // authorizedCallback returns wrong result when hash is URI

Adding WSO2 IS Oauth / OpenId Connect Service Provider using configuration files

狂风中的少年 submitted on 2020-01-30 13:13:11
Question: We are currently using an automation process in our environment. We have WSO2 5.3.0. I need to configure an Oauth2/Openid Service Provider using XML configuration files. All the documentation, examples, etc., are oriented to SAML2 and not to Oauth2/OpenId. Can somebody help me?
Answer 1: At the moment you cannot create OAuth / OIDC applications through config files. You can add the service provider configs through config files. The problem is that it does not populate the section "Inbound Authentication

Django, mozilla-django-oidc and admin

岁酱吖の submitted on 2020-01-30 03:29:23
Question: I am trying to connect Okta with a custom Django (v.3.0.2) app I am coding, using the mozilla-django-oidc library. So far the initial user authentication and account creation (using Django's user model) works, but I don't understand what I need to do to have the Django AdminSite work. The AdminSite, before introducing mozilla-django-oidc, worked as expected. I created an admin user, named "admin", and the user was able to log in. To integrate the mozilla-django-oidc library I followed the